Being Secure on Public Wi-Fi: VPN, Firewalls, File Sharing
With a dash of technical knowledge and some preparation, you can safely use a public WiFi network. Public Wi-Fi security is a very different thing.
Wi-Fi networks that you setup and control be it at home or in a small business, start with an assumed safe group of users. The main security objectives are encrypting data traveling over the air and keeping outsiders out.
On a public wireless network you also need to be concerned with encrypting data coming into and out of your computer, but the solutions are very different. On top of this, public networks add new threats because you are now sharing a network with total strangers as opposed to a trusted group.
Encryption is easy on your own network but a major pain on a public network. Home networks configured with WPA (more technically WPA-TKIP) or WPA2 (more technically WPA2-AES-CCMP) get their encryption for free, so to speak. As a user of the network all you need to do is enter the password and everything is encrypted.
Public networks typically don’t use WPA or WPA2, leaving you to implement your own when it comes to encryption. The simplest solution is to use secure HTTPS web pages. For example, when I’m traveling for short periods of time, I use secure webmail for my email.
However, some webmail systems only encrypt the page where you enter your user ID and password. They do not encrypt the pages where you read and write messages.
Most web pages are not secure, no doubt including some that you would prefer everyone couldn’t tell you were viewing, the Internet is much more than just web pages.
Question : How can you encrypt everything on a public wireless network?
Answer: A Virtual Private Network (a.k.a. VPN).
Virtual Private Networks
What WPA and WPA2 give you on your home network, a VPN gives you on a public network, encrypting everything coming into and out of your computer. I suspect there are millions of computer users that could and should be using a VPN but aren’t aware of it as an option.
VPNs are often couched in brutally obscure techie lingo. In part this is because their market has always been networking techie’s at large companies. But no more, newer types of VPNs are simpler to implement and are available to a newer audience: you and me.
The classic VPN linked the network in one corporate office to another. Perhaps the most common use of VPNs is for traveling employees to make a secure link back to their home office.
There is another type of VPN for people who are not employed by large companies and/or who don’t have a home office network they need to connect with. For lack of a better term, I’ll refer to them as consumer VPNs.
A corporate or business VPN treats the entire Internet as the enemy and encrypts everything between the traveling employee and the home office. A consumer VPN only treats the immediate area (typically a public wireless network) as the enemy. That is, the goal of a consumer VPN is to offer the same level of security you would have at home by using a wired Internet connection. Thus, a consumer VPN encrypts everything between you and the servers of the company offering the VPN service. After data gets to the VPN company’s servers, it is decrypted and dumped on the Internet.
To illustrate, assume that you are in Dublin using a VPN service from a company in Cork and listening to a radio station streaming from Galway (again, a VPN encrypts all traffic, including streaming audio). Data coming into your computer travels unencrypted from Galway to Cork. The VPN company then encrypts the data (your favorite radio station) and sends it from Cork to you in Dublin. Software on your computer then decrypts the data.
The goal here is that the network you are connected to in Dublin, be it a public Wi-Fi network or perhaps a wired network in a hotel, only sees encrypted data. No one in Dublin has any idea what you are doing on the Internet.
Another issue when sharing a computer network with strangers is keeping them out of your computer. The first line of defence here is a firewall program running on your computer.
A firewall program is basically a bunch of rules about what type of data is allowed in, and with better firewalls, what type of data is allowed out. In this case, the issue is incoming data. A good firewall should block all incoming unsolicited data.
Does your firewall program do this?
Unfortunately, this can be a very hard question to answer. Configuring a firewall, even for someone familiar with the basic concepts, can be maddening. Perhaps the best user interface I’ve seen for configuring the firewall rules is the firewall in Windows XP. As a firewall, it’s lightweight but it’s good enough for many people. Older versions of ZoneAlarm also had an easy to understand user interface.
One of the bad things that can happen as a result of a hole in the firewall is that bad guys on the shared Wi-Fi network can see and copy files on your computer.
As a second line of defence, consider disabling the file sharing feature in your operating system. For example, Windows XP users can bring up the properties of their wireless network connection from the Network Connections icon in the Control Panel. There is a checkbox for “File and Printer Sharing for Microsoft Networks.” Turning this off provides another hurdle for the bad guys to get through.
If you never share files or printers on a network, then you can disable the underlying services in Windows. However, this prevents file sharing on wired networks and may be a pain to debug when a year or two down the road you want to start sharing files or printers.
Who Are You? (The Fake Name)
My last piece of advice concerns the names of wireless networks.
Anyone setting up a wireless network can name it anything they like. Thus, if you find yourself in a Starbucks coffee shop and want to use their free Wi-Fi, is their network called “SBwifi,” “SBwireless,” “starbucks” or “free public wifi”?
The only way to know is ask someone who works for the store. Don’t make any assumption about a wireless network based on its name. The last choice, “free public wifi” is infamous for not being what the name implies.
It takes work, but it is possible to be safe and secure on a public Wi-Fi network.
For information on how we can help secure your WiFi Connections and provide VPN services give us a call on 1850 88 79 79 or email email@example.com